hxxps://drive[.]google[.]com/uc?export=download&id=1aDQ93KLASV-LqhzplcipjdT_mpeYyKZJ

Analysis

max time kernel
59s
max time network
59s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-fr
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-frlocale:fr-fros:windows10-ltsc 2021-x64systemwindows
submitted
18-12-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1aDQ93KLASV-LqhzplcipjdT_mpeYyKZJ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790017345864520"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
568	chrome.exe
568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 568 wrote to memory of 3888	568	chrome.exe	81
PID 568 wrote to memory of 3888	568	chrome.exe	81
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 2916	568	chrome.exe	83
PID 568 wrote to memory of 328	568	chrome.exe	84
PID 568 wrote to memory of 328	568	chrome.exe	84
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85
PID 568 wrote to memory of 4420	568	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?export=download&id=1aDQ93KLASV-LqhzplcipjdT_mpeYyKZJ
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8546ccc40,0x7ff8546ccc4c,0x7ff8546ccc58
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1788,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1316,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3884,i,13691036154951791165,11273612191411468603,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3832

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\272785a6-2c53-48f0-9ec3-ae4b37dd8f42.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0f242ebdd03053164eec835c22d1abb5

SHA1
0d52cc754737147bb221126aa0f3f2e966270114

SHA256
5f05d592d61c2bf358443b240ae64ee72b7c8f1274f0b6be937910e6583748df

SHA512
099552d30bd48201c9e6a9471793f8539d1dfb45934f6684986806f74f85b04bba40864404358f2bad1883cb829cb2fcc05e167261c58d47f6e350eeb793ca27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
c6fa12710f727b49041d61af967e4791

SHA1
c334c20543d51a912c0fa916af4f17f0b58d4e1f

SHA256
4959a3f009d08ba0893eaff58d4eb33f02854b8d579b1bac3459e0241e9ddb50

SHA512
0e5188429ba3f99df52ac276a01b7166d091ec13d5f2157ee2a7c4d6d66b24fe7c8273c8a33b72f7c330f6fb7c6cd8837e48c4ec8d286d110b212c95c2bcef43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
097a0137b127b6daad8bdfa510cb761b

SHA1
a5fdc311fc0eb8b65c41068a2c4dd7d9dde5fe86

SHA256
90ddedfcee08e2bac01b56957e2cbf996981cfb80210a51a5eb091b058f6f128

SHA512
5ebcd6d1b54c8d572603e0dc6227abd5b7905a79898fada581cb5a3ab21046ac137ae215c625de491baef688ab082db99ad583889b94e47b2194305b7813fa38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c305de5a624545bbd9d08bc3ba3346d4

SHA1
3ef168e033dd1e61f355d289d55b55af253b873f

SHA256
847aab3e834cb407c91c0c997a55ff2b81ef0915e07e5a335bd12747ca08428b

SHA512
a42c3581b6eb8ea6b693deb8004982a1afdef5a015236b43aef7eac6c7c22deb95d17a9dac74a9ecea18b9d3a3e3878e9a84ede4702d5a08da48d6d754c865c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
67cc23d4b3019ee4c06d89bc7ba2205c

SHA1
2f1acbfc2089728b7cbf32d886772b45a26246d2

SHA256
37f5f4f08653de13851bfe33f5a0690d9fb1dfd8b723f75651b96f87008563c4

SHA512
67d3efabf2bc6c6088a4e951ff5b5ef9ae2ed8e1fd5fc69dbd2074ccdc871c3b2f5a9c9a433c6be3dfd44e25b956e551fb31b2d467c9cab5ae2175af1ea880d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
519cdb8bea058e0a58b6b8ba39d36d9c

SHA1
480f2dc20d6a1ef1ef4722b9a6b5c79d719c9500

SHA256
ac130574123549aa4946960a9348d2cc92fc06c2f2ae668bc70c353a963fd6cf

SHA512
6dd40596258cb7de43337c28dd4d1d78816eab5130d8730c80dd1ba475f7c5fe4c6172b7cf5e96b756f031ef9dc9f98c9ef4263068397e09eb1f18261d98b121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6aa9bf68648da9ab5da7a423628430ec

SHA1
02670ee6218e4807a8ec910a42f5164b2a907c03

SHA256
107fa3b210100fd568ba44a21f47589a81b9c6369c73ae4bf3cc346b81acde73

SHA512
2ca67116fa32af83919fb4ef5879b067cbfacdf6229dd5c0d209ae2f74511e05ab63b4df18990741f9bda4b0676d2d92125255bec581d4fbf047b80a0b6e4fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
47f0f7ec5f4cef56ab19c09d21eb50bf

SHA1
1fcd7a6fb73305b1c40cc5f090360f2ef8d31063

SHA256
f1b61ea3a8c5dc61e45cc35721e443fc6a2857641f9f090a8752a18fc05a7075

SHA512
a399153ccc3de2fc90679dd43e17a486f1b030bad8811e1eb16e1885733b29e92be46855c13c4100360f7ffed4294f10d571df3ae5c428d3a3a5610c2a858faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
c8f7ad195a0032682e9cdcbca31d66b3

SHA1
c20cf84ac3ae287e0535882603f19b130fb6a9b2

SHA256
2f0ff744ac55a798818d09fafb0172c34ec757b5eaae54b5360a174fed04b667

SHA512
0ede04f97ef97ffc2da613ec08286a2834894bfe7a9aef11420e809b49bf430af6fe7e13ed3238e2ed922833a7f4676290fd028922100fca34e9fc354833a3e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
110eb930429d94cd71099891203690aa

SHA1
e37f408e917ad54b49884c279dc1dcf03f5f8f12

SHA256
10bbe7c3284ee11f4f4b43c4857f290f50fdeec141d4877a262875a3a0dfe507

SHA512
620e10ff7deab4db9a85f78ee05e90cdecf5f5a977c94e92788d200c7c61e03ed38b322534d2f938c7310fc8cf48f565cb4a9d9f6f02e47ccda0403be7540782

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit